We are ingesting eStreamer logs through eStreamer app version 222 developed not by Splunk.
The fields packet_sec and packet_usec seem to have interchanged their values. Also, the timestamp doesn't include subseconds, which are present either in the form event_usec or packet_usec.
Please help.
Thanks,
Thiru
What version of Firepower are you using? If it's 6.x you want to move right away to the new TA. https://splunkbase.splunk.com/app/3662/
I think this app will not work if the Splunk cluster environment is on Windows. Let me know if there is any other way to ingest eStreamer logs into Splunk (Windows environment) with the latest version.